It looks like that Skype can be made to execute arbitrary code through a buffer overflow when the software is called upon to handle malformed URLs that are in form of callto:// and skype://. In addition, Skype can be made to execute arbitrary code during importation of a VCARD that is in a specific non-standard format.
Skype for Windows releases 1.1.*.0 through 1.4.*.83 are vulnerable to these problems. For the official fix, please visit SKYPE-SB/2005-002.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.